Commit Graph

1115 Commits

Author SHA1 Message Date
Richard Levitte
0d0769a4db Prefer ReuseAddr over Reuse, with IO::Socket::INET
Reuse is deprecated and ReuseAddr is prefered, according to documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-29 17:36:08 +01:00
Matt Caswell
ef96e4a28f Add test for missing CertificateStatus message
If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-27 21:59:04 +00:00
Roumen Petrov
3eabad02d6 remove duplicates in util/libeay.num
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4195, MR: #1521
2015-12-23 20:40:54 +01:00
Dr. Stephen Henson
02a60ae28f add -unref option to mkerr.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 19:20:11 +00:00
Dr. Stephen Henson
0f6a2a97a5 In mkerr.pl look in directories under ssl/
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 16:52:27 +00:00
Dr. Stephen Henson
5378186199 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 15:16:56 +00:00
Rich Salz
4fae386cb0 Cleanup CRYPTO_{push,pop}_info
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 09:11:07 -05:00
Rich Salz
c99de0533d Rename *_realloc_clean to *_clear_realloc
Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-22 07:32:51 -05:00
Rich Salz
33eaf4c27e mem-cleanup, cont'd.
Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-16 22:23:57 -05:00
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Dr. Stephen Henson
91b0d2c114 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Matt Caswell
3addf183fa Fix updating via mkdef.pl
The previous commit introduced a new file format for ssleay.num and
libeay.num, i.e. the introduction of a version field. Therefore the update
capability in mkdef.pl needs updating to take account of the new format.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-15 16:46:48 +00:00
Matt Caswell
e863d92010 Don't export internal symbols
On Linux when creating the .so file we were exporting all symbols. We should
only be exporting public symbols. This commit fixes the issue. It is only
applicable to linux currently although the same technique may work for other
platforms (e.g. Solaris should work the same way).

This also adds symbol version information to our exported symbols.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-15 16:46:48 +00:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Dr. Stephen Henson
6745fcf627 make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Ben Laurie
40abdf8e39 Support ccache.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-12 23:05:41 +00:00
Richard Levitte
ea11c6e920 make update, missed file
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-11 18:07:05 +01:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
2015-12-10 19:27:40 +01:00
Matt Caswell
2fb5535e64 Fix mkfiles for new directories
Add the new chacha and poly1305 directories to mkfiles.pl to enable proper
building on windows.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-10 11:58:58 +00:00
Andy Polyakov
c7b5b9f4b1 make update.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:06:05 +01:00
Andy Polyakov
48f1484555 Configure: make no-chacha and no-poly1305 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:50 +01:00
Dr. Stephen Henson
59ff61f357 remove deleted directories from mkfiles.pl
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-09 23:57:19 +00:00
Dr. Stephen Henson
3c4e064e78 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
d2ad1c9617 remove ecdsa from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
cda302d94f remove ECDH from mkdef.pl
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
b3fce9c91e Add extms extension
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Dr. Stephen Henson
040c878350 TLSProxy update
Add function to delete extensions and fix ClientHello repacking.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-08 16:33:04 +00:00
Richard Levitte
b3bb779997 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
959ed5316c Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free)
Looking over names, it seems like we usually use names ending with
_new and _free as object constructors and destructors.  Also, since
EVP_MD_CTX_init is now used to reset a EVP_MD_CTX, it might as well be
named accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Kurt Roeckx
361a119127 Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #364
2015-12-05 17:45:59 +01:00
Kurt Roeckx
6f78b9e824 Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
This only gets used to set a specific curve without actually checking that the
peer supports it or not and can therefor result in handshake failures that can
be avoided by selecting a different cipher.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:22:31 +01:00
Dr. Stephen Henson
df04754be7 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 17:52:01 +00:00
Rich Salz
e6390acac9 ex_data part 2: doc fixes and CRYPTO_free_ex_index.
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-01 11:48:37 -05:00
Dr. Stephen Henson
9cc6fa1ce8 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Matt Caswell
22a34c2fab Implement windows async thread local variable support
Implements Thread Local Storage in the windows async port. This also has
some knock on effects to the posix and null implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:40:23 +00:00
Matt Caswell
68487a9b06 Convert __thread to pthreads for Thread Local Storage
In theory the pthreads approach for Thread Local Storage should be more
portable.

This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:39:30 +00:00
Matt Caswell
e8dfb5bf8e Add ASYNC_block_pause and ASYNC_unblock_pause
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:37:17 +00:00
Matt Caswell
f4511d4897 Remove ASYNC NOEXIST functions from libeay.num
During development some functions got added and then later taken away.
Since these will never appear in a production version there is no reason
for them to appear in libeay.num flagged as "NOEXIST".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:36:29 +00:00
Matt Caswell
c742f56e94 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
4f70d04593 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Matt Caswell
252d6d3aa6 Add ASYNC_JOB pools
It is expensive to create the ASYNC_JOB objects due to the "makecontext"
call. This change adds support for pools of ASYNC_JOB objects so that we
don't have to create a new ASYNC_JOB every time we want to use one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
7070e5ca2f Use longjmp at setjmp where possible
Where we can we should use longjmp and setjmp in preference to swapcontext/
setcontext as they seem to be more performant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:05 +00:00
Matt Caswell
5010830495 Async port to windows
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
38148a234c Various windows build fixes to prepare for windows port
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
a14e9ff713 Add the Dummy Async engine (dasync)
This engine is for developers of async aware applications. It simulates
asynchronous activity with external hardware. This initial version supports
SHA1 and RSA. Certain operations using those algorithms have async job
"pauses" in them - using the new libcrypto async capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Dr. Stephen Henson
1786086b05 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 16:52:20 +00:00
Richard Levitte
a22c01244b make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-17 15:17:36 +01:00
Matt Caswell
a974e64aaa Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-11-10 23:02:44 +00:00
Dr. Stephen Henson
f4c38857d7 Read function names from C source files.
In mkerr.pl read parse functions names in C source files and use
them for translation and sanity checks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-05 15:48:37 +00:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00